Director of Cybersecurity

Soar

Riyadh

On-site

SAR 300,000 - 400,000

Full time

Yesterday

Job summary

A global fintech startup is seeking a Security by Design architect to lead the integration of security practices throughout the software development lifecycle. The ideal candidate will have over 6 years of experience in Cybersecurity, particularly in Application Security or DevSecOps, and a proven ability to influence engineering teams. Responsibilities include embedding security in development processes, utilizing AI-driven tools for threat detection, and ensuring adherence to regulatory standards. This role is based in Riyadh, Saudi Arabia.

Qualifications

  • 6+ years in Cybersecurity, specifically in Application Security or DevSecOps.
  • Proven ability to lead technical initiatives and influence engineering teams.
  • Expert knowledge in security tool integration.

Responsibilities

  • Embed security in every stage of the software development lifecycle.
  • Lead threat-modeling sessions during feature design.
  • Automate security gates within deployment pipelines.

Skills

Experience with CI/CD tools
Deep experience with Container Security
Expert knowledge of security tools integration
Experience with AI-based security tools
Strong understanding of SAMA regulations

Tools

Jenkins
GitLab
Docker
Kubernetes
Python
Go
Job description
About us:

Soar is a global fintech startup that specializes in financing and investment. Currently headquartered in Saudi Arabia, Soar is growing throughout the region with a mission to help people achieve their financial goals with innovative financial and property investment solutions and tools via its multi‑purpose platform, designed to offer a simple and seamless user experience.

Role Summary:

You will be the architect of our "Security by Design" philosophy. Your primary mandate is to embed security into every stage of our software development lifecycle—from the first line of code to production deployment. You will leverage AI-driven tools to automate threat detection and vulnerability management, ensuring that our speed of innovation is matched by our speed of defense.

Key Responsibilities:
  • Secure Software Development Life Cycle (SSDLC)
    • Shift Left Security: Champion the integration of security early in the development phase. Lead threat‑modeling sessions during the design phase of new features to identify risks before code is written.
    • CI/CD Pipeline Security: Automate security gates within our deployment pipelines. Implement and manage SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tools.
    • Secure Coding Standards: Establish and enforce secure coding guidelines (OWASP Top 10, SANS 25) for our engineering team. Conduct regular code reviews and security training for developers.
  • AI & Automation Integration
    • AI‑Enhanced AppSec: Utilize AI‑powered code analysis tools to reduce false positives in vulnerability scanning and provide auto‑remediation suggestions to developers.
    • Automated SOAR: Build and maintain a Security Orchestration, Automation, and Response (SOAR) framework. Create playbooks that automatically isolate compromised assets or block malicious IPs without human intervention.
    • Predictive Defense: Deploy AI‑driven network monitoring to detect behavioral anomalies in our self‑hosted infrastructure (e.g., zero‑day attacks or lateral movement) that traditional rules may miss.
  • Infrastructure & Network Security (Self‑Hosted)
    • Hardening: Oversee the security hardening of our self‑hosted environments (Kubernetes clusters, Docker containers, and Linux servers).
    • Traffic Analysis: Manage WAF (Web Application Firewall) rules and DDoS protection layers, ensuring high availability for our customers.
    • Secrets Management: Enforce strict secrets management (e.g., Vault) to ensure no credentials are hardcoded in the application.
  • GRC (Governance, Risk & Compliance)
    • Regulatory Adherence: Ensure our SSDLC and operations strictly adhere to SAMA’s Cybersecurity Framework and NCA’s Essential Cybersecurity Controls (ECC).
    • Audit Readiness: Automate evidence collection for compliance audits to minimize manual overhead.
    • Data Residency: Ensure all AI processing and data storage complies with the Personal Data Protection Law (PDPL), keeping critical data within KSA.
Qualifications
Education & Experience:
  • Experience: 6+ years in Cybersecurity, with specific experience in Application Security or DevSecOps.
  • Managerial: Proven ability to lead technical initiatives and influence engineering teams.
  • Tech Stack: Deep experience with CI/CD tools (Jenkins, GitLab, GitHub Actions), Container Security (Kubernetes/Docker), and Python/Go scripting.
Technical Skills:
  • SSDLC Mastery: Expert knowledge of integrating security tools (SonarQube, Checkmarx, Burp Suite, etc.) into a pipeline.
  • AI/Automation: Experience implementing AI‑based security tools (e.g., Darktrace, Vectra, or AI‑enabled SIEMs) and writing automation scripts.
  • Regulatory Knowledge: Strong understanding of SAMA regulations regarding application security and data protection.
Nice to have skills (Certifications):
  • CSSLP (Certified Secure Software Lifecycle Professional) – Highly Preferred
  • CISSP (Certified Information Systems Security Professional)
  • OSCP (Offensive Security Certified Professional)